Table Of Contents  CertiGuide to Network+
 9  Chapter 1000:  Security in the Real World


X  Firewalls

By definition, a firewall filters and controls data between networks. The most typical firewall installation is between the corporate LAN and the Internet. With both the cost and the headache of installing firewalls dropping rapidly, firewalls are also being installed between sensitive areas and the rest of the company. Firewalls used to be the province of large companies with $20,000 or more to spend on protecting their network, and a very security-savvy network engineer on site. In recent years, simplified low-end firewalls have become available for home and SOHO (small office/home office) users as well, and are frequently used to protect home networks connected to the Internet via an always-on (dial-up not required) technology such as DSL or cable Internet.

Firewalls limit damage

A firewall offers protection from networks that have low trust or have high security needs. A classic example is the Internet and the corporate LAN.


Using a firewall, you can set up rules to control access to your LAN by certain types of traffic from out on the Internet, based on a variety of criteria. You might choose to deny incoming traffic if its source IP address matches that of a site with whom you’ve had “cracker problems” in the past. Or you might choose to deny incoming traffic on the ftp (or any other Internet service) port, if you don’t want users on the Internet to access that service on your Internet-connected system.

If incoming traffic for a particular port is blocked, an outside user trying to access the service at that port (for example, port 80 for http or 23 for telnet) will either see their application hang, waiting for access, or get a "not accessible" message, depending on the firewall being used.

Configure firewall correctly or no joy

If a network uses a firewall, and clients on that network cannot access Internet hosts by name, but can access them by numeric IP address, the firewall might be blocking incoming or outgoing traffic on TCP/IP port 53, the DNS port.


Just as firewalls can be used to block traffic coming in, they can also be used to block traffic going out. For instance, a company might want to prevent its employees from accessing their personal electronic mailbox at their personal ISP over the corporate Internet connection. To do this, it could deny outgoing traffic from its LAN that is destined for ports 110 (POP3) and 25 (SMTP) on Internet systems outside its network. The author has even heard of ftp transfers out to sites on the Internet being blocked by software development companies who take every possible step to make sure that their source code does not get distributed outside their organization.
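The inbound and outbound rules described above, and the port 53 symptom, can be modeled with a small first-match packet filter. This is an added example, not part of the original guide: the rule format, the `decide` and `browse` helpers, the default-deny policy and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    remote: str = "0.0.0.0/0"    # Internet-side address range the rule applies to
    port: Optional[int] = None   # destination port; None matches any port

# Constructed ruleset. 203.0.113.0/24 stands in for the site that caused
# "cracker problems". The first matching rule wins.
RULES = [
    Rule("deny", "in", remote="203.0.113.0/24"),  # block a known-bad source
    Rule("deny", "in", port=21),                   # no inbound ftp
    Rule("allow", "in", port=80),                  # public web server
    Rule("deny", "out", port=110),                 # no personal POP3
    Rule("deny", "out", port=25),                  # no personal SMTP
    Rule("allow", "out", port=80),                 # web browsing
]

def decide(rules, direction, remote_ip, port, default="deny"):
    """Return the action of the first matching rule, else the default policy."""
    addr = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r.direction == direction
                and addr in ipaddress.ip_network(r.remote)
                and r.port in (None, port)):
            return r.action
    return default

def browse(rules, web_server_ip, resolver_ip="198.51.100.53"):
    """Model a LAN client reaching a web site by name and by numeric IP."""
    dns_ok = decide(rules, "out", resolver_ip, 53) == "allow"
    http_ok = decide(rules, "out", web_server_ip, 80) == "allow"
    # Access by name needs the DNS lookup first; access by IP does not.
    return {"by_name": dns_ok and http_ok, "by_ip": http_ok}

if __name__ == "__main__":
    print(browse(RULES, "192.0.2.10"))                 # DNS port never allowed
    fixed = RULES + [Rule("allow", "out", port=53)]   # corrected ruleset
    print(browse(fixed, "192.0.2.10"))
```

With the original ruleset nothing allows port 53 outbound, so the default policy drops the lookup and only access by IP address works; adding the one allow rule restores access by name.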


CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com
Version 1.0 - Version Date: November 7, 2004

Adapted with permission from a work created by Tcat Houser and Helen O’Boyle.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.